Q: AES product
Mok-Kong Shen
Are there tiny handheld devices on the market that can do AES with
I/O in ASCII/hex or even better software that could be easily
installed on the more modern mobile phones for SMS security or whatever?
Thanks,
M. K. Shen
incog
free solution : http://www.cs.uku.fi/~mhassine/SafeSMS/ .
"Mok-Kong Shen" <mok-ko...@t-online.de> a �crit dans le message de news:
hbn01r$ohv$00$1...@news.t-online.com...
Mok-Kong Shen
> AES is maybe too much (complicated) for a handheld, but have a look at this
> free solution : http://www.cs.uku.fi/~mhassine/SafeSMS/ .
My knowledge is too humble and my own mobile phone is rather old.
But seeing the versatile capabilities of more modern mobiles phones,
I wonder why AES couldn't be installed on them. Storage capacity
certainly isn't a problem. High speed isn't unconditionally necessary
for SMS etc.
Thanks,
M. K. Shen
amzoti
I would say things like speed, processor, power requirements -
sometimes called SWap (size-weight-and-power).
Tom St Denis
It's pretty foolish to think even phones from 10 years ago couldn't
handle AES encrypting 140 bytes of data without eating the battery.
The real reason they don't come standard with crypto is in a lot of
cases it's ILLEGAL to encrypt messages to be sent over radio. I
believe that's changed since then in quite a few countries [I'm
talking back in the packet radio days...] but SMS is a fairly old
design and it's used all over the planet. I'd be surprised if there
weren't countries were radio traffic was allowed to be encrypted by
civilians.
Tom
Mok-Kong Shen
> amzoti <amz...@gmail.com> wrote:
>> I would say things like speed, processor, power requirements -
>> sometimes called SWap (size-weight-and-power).
>
> It's pretty foolish to think even phones from 10 years ago couldn't
> handle AES encrypting 140 bytes of data without eating the battery.
> The real reason they don't come standard with crypto is in a lot of
> cases it's ILLEGAL to encrypt messages to be sent over radio. I
> believe that's changed since then in quite a few countries [I'm
> talking back in the packet radio days...] but SMS is a fairly old
> design and it's used all over the planet. I'd be surprised if there
> weren't countries were radio traffic was allowed to be encrypted by
> civilians.
There are very likely countries today where encrpytions by civil
people would be considered something against the interest of
the governments. But isn't it that in the democratic (or at least
officially democratic) countries encryptions are allowed? If so,
then, if encryptions of e-mails is ok., why isn't encryptions
of SMS over mobile phone not o.k.? Anyway, I stronly guess
that in the majority of countries the use of AES to achieve
communication security by civil people isn't against the law.
The question now is, with such a large potential application
area, why hasn't AES yet been available on mobile phones (either
as commercial software or shareware/freeware)?
M. K. Shen
Joseph Ashwood
news:hbnr6j$fgf$03$1...@news.t-online.com...
> incog wrote:
>> AES is maybe too much (complicated) for a handheld,
It isn't. Have a look at reality, you'll find that AES, properly
implemented, is sufficiently fast on small devices, this was was in fact one
of the considerations in the selection process.
>> but have a look at this free solution :
>> http://www.cs.uku.fi/~mhassine/SafeSMS/ .
And never have security ever again. I was going to do a basic code review,
but it fails even the most basic code check (compilation). However I took a
quick look anyway. Among the low points, directly using the user password to
key Blowfish, and that's only if you set it to blowfish instead of the
propriety one I didn't even bother looking at, and of course the apparent
use of ECB mode. In short, completely, utterly, permanently, irrevocably,
pathetically insecure.
> My knowledge is too humble and my own mobile phone is rather old.
> But seeing the versatile capabilities of more modern mobiles phones,
> I wonder why AES couldn't be installed on them. Storage capacity
> certainly isn't a problem. High speed isn't unconditionally necessary
> for SMS etc.
There have been a few pay apps that implemented it, I don't know of any free
off-hand.
Joe
Blind Anagram
news:0c534fde-0c7c-4973...@2g2000prl.googlegroups.com...
I know of several mobile phone companies who have licensed my own AES code
for use on their products. At least one of them did this more than six years
ago.
__________ Information from ESET NOD32 Antivirus, version of virus signature database 4535 (20091023) __________
The message was checked by ESET NOD32 Antivirus.
Mok-Kong Shen
> I would say things like speed, processor, power requirements -
> sometimes called SWap (size-weight-and-power).
>
> I know of several mobile phone companies who have licensed my own AES
> code for use on their products. At least one of them did this more than
> six years ago.
Do you happen to know whether such a feature has been included
in the products currently being offered by them?
M. K. Shen
Blind Anagram
In some cases yes, others no.
A frequent use of AES in mobile phones is to offer encrypted 802.11
wireless network connectivity.
Mok-Kong Shen
This seems to imply that currently there aren't mobile phones on
the market such that a normal user could send an SMS encrypted
by AES with his own secret key. If this is in fact the case, I wonder
why it is so? I mean: Do all users have no need at all of communication
security, or is it perhaps something delicate in the firms' marketing
policy?
M. K. Shen
Mok-Kong Shen
> This seems to imply that currently there aren't mobile phones on
> the market such that a normal user could send an SMS encrypted
> by AES with his own secret key. If this is in fact the case, I wonder
> why it is so? I mean: Do all users have no need at all of communication
> security, or is it perhaps something delicate in the firms' marketing
> policy?
I know almost nothing about hardware but "speculate" whether it could
even be feasible to encrypt voice with AES on the more modern mobile
phones, which apparently possess quite substantial processing capacity.
M. K. Shen
Mok-Kong Shen
> AES is maybe too much (complicated) for a handheld, .....
If a special (and hence likely cheaper) handheld for AES is not
available, implementing AES on palmtops shouldn't pose any problems,
I suppose.
M. K. Shen
xolo
Hi
Doesn't Blackberry (the latest one) support AES and Tripple DES
already? I don't own one per se but I've heard that for Obama needed
such encryption capabilities to in order to continue using his
Blackberry. In practice therefore mobile phones should be able to
support AES.
Regards,
Xolo
Mok-Kong Shen
> Mok-Kong Shen wrote:
>> If a special (and hence likely cheaper) handheld for AES is not
>> available, implementing AES on palmtops shouldn't pose any problems,
>> I suppose.
> Doesn't Blackberry (the latest one) support AES and Tripple DES
> already? I don't own one per se but I've heard that for Obama needed
> such encryption capabilities to in order to continue using his
> Blackberry. In practice therefore mobile phones should be able to
> support AES.
I also believe that possiblity of implementation shouldn't be an
issue on the more modern devices. The point is, given a common need
for communication security, why AES is not yet available on mobile
phones in the market for the general public. (Anyway, I haven't seen
such features advertised in my local mobile phone shops.)
M. K. Shen
Mok-Kong Shen
From a hint of a friend, I recalled that there was long time ago
a highly controversial issue about the so-called Clipper phone (cf.
http://www.flickr.com/photos/mattblaze/2276520350/). This seems to
indicate anyway that there is indeed a substantial demand of secure
communications over phone.
M. K. Shen
Mok-Kong Shen
See my posts in the recent thread of amzoti: "GSM Encryption".
M. K. Shen